The goal of the forensics theme is to design and build systems which automate many existing manual and time-consuming processes.
Forensic examination of compromised systems is a is time-consuming and very labour-intensive process, taking days and possibly weeks of valuable time.
Our work in this area has two strands:
- Building a fast system to identify (possibly hidden) malware on NTFS disks
- Using the COPINE ratings scale as the basis for rapidly and automatically identifying child pornography of various types on seized hard drives, to ensure that evidence can be obtained within limitation periods
Techniques developed within these two projects can be more broadly applied to forensic identification problems.